Connect with us

Hi, what are you looking for?



AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group

Money mules are an important part of the criminal money laundering pipeline. They help channel the proceeds from fraud and other criminal activities to the criminals themselves while obfuscating the process. The UK’s Financial Conduct Authority has estimated that more than $40 billion is laundered every week, with only 1% intercepted and seized.

Money mules are an important part of the criminal money laundering pipeline. They help channel the proceeds from fraud and other criminal activities to the criminals themselves while obfuscating the process. The UK’s Financial Conduct Authority has estimated that more than $40 billion is laundered every week, with only 1% intercepted and seized.

A new report (PDF) from the P20 group (a collaborative thought leadership ‘sandbox’ seeking cooperation and joint action in the non-competitive areas of the global payments industry) has published recommendations on how to tackle the money mule aspect of illicit money laundering. 

Money mules are often dismissed as a rather benign part of criminal activity – but they are an important part of channeling illicit funds from the source of crime to the ultimate destination – whether that is criminal gangs, terrorists or even adversarial nation states. P20’s argument is fundamentally twofold. Firstly, if money mules can be disrupted, the movement of illegal money can be disturbed; and secondly, law enforcement and banks can follow the money back to the criminal source and forward to the criminal destination.

Key to achieving this is a greater use of AI-based mule detection systems. At a high level, this is analogous to modern cybersecurity thinking: assume you have already been breached and concentrate on response to mitigate effect. Finding, tracking and disrupting mules recognizes that the crime has been committed and then responds to the movement of the money to mitigate the amount received by the criminal organizers.

“The widespread reliance on money mules for money laundering gives banks and other payment service providers an opportunity to identify a variety of financial crimes. Finding the money mules and following the money can help fight fraud, identity theft and cybercrime, while preventing stolen money ending up in criminals’ hands,” explains Duncan Sandys, CEO at P20.

There are two areas where AI-based systems can help financial institutions: application fraud and payment fraud. The first uses Know Your Customer (KYC) principles to detect attempts to open accounts for fraudulent purposes. The second uses behavioral monitoring to detect an account that has developed into fraudulent use.

The report notes that there are three types of mules: complicit, witting, and unwitting. Complicit mules know what they are doing and may open multiple accounts to scale their operation. This is where KYC principles can prevent the development of the mule channel by declining the account.

Advertisement. Scroll to continue reading.

Witting mules may suspect something is wrong but ignore their instincts. Unwitting mules may genuinely be scammed into thinking they are doing something legal, and proceed just to make a little legal ‘pocket money’. In both cases, behavioral analysis on the account can be used to highlight suspicious activity. 

“If a person has a job that could justify weekly deposits of, say $1,000, and that suddenly jumps to $3,000 or $4,000,” P20’s president Peter Radcliffe told SecurityWeek, “that should throw up a warning sign that something has changed – maybe they’re laundering money.” AI-based behavioral tracking on accounts can help identify pattern changes that may be suspicious.

“Application of machine learning to anti-money laundering (AML) is a relatively new approach,” notes the report. “Most AML products on the market are built on a combination of rulesets and list-based screening. So, while more advanced techniques have been applied widely to combatting fraud, AML is still in the early stages of utilizing machine learning to improve prevention and detection efforts.”

Radcliffe is not overly worried about AI’s traditional weakness – false positives. The behavioral monitoring doesn’t cause automatic effects but just highlights situations that may require greater investigation. The problem is that this process is not yet being sufficiently followed by all financial institutions.

The report also notes two reasons it may be more consistent in the UK than in the US. Firstly, there are fewer but large banks who can afford the resources necessary to put such systems in place. But secondly, the UK banks have adopted a Contingent Reimbursement Model. “Firms,” notes the report, “must take reasonable steps to detect accounts which may be, or are being used, to receive Authorized Push Payment (APP) scam funds. This means that if banks don’t combat mules, then they may end up being liable for the fraud loss rather than the sending bank.”

Apart from using AI to detect money mules internally, P20 also urges greater mutual collaboration and information sharing between the banks. “Some of these mules may have 50 or more accounts paying in smaller amounts across 50 organizations,” said Radcliffe. “Why does anybody need 50 bank accounts?” Greater information sharing could detect issues like this, and leader to better overall anti-money laundering results.

Historically, the tools developed to address financial crime have been deployed in silos, limiting the ability to harness the full potential of the enterprise, the industry and public/private partnership. “A focused, collaborative approach to money mules could not only address this crucial link in crime networks but could serve as a model for broader cross-discipline collaboration to fight financial crime,” suggests the report.

P20 was conceived in 2016 as a joint UK/US group to focus on payments globally. It was officially launched in 2017 with the help of Jack Lew, the former US Treasury Secretary and the UK City Minister, Steve Barclay. It has offices in London UK  (the financial services capital of the world), and Atlanta USA (the payments capital of the U.S, processing 75% of $7.4 trillion in annual payments).

Related: How Economic Changes and Crypto’s Rise Are Fueling the use of “Cyber Mules”

Related: Russian Man Extradited to US for Laundering Ryuk Ransomware Money

Related: ‘Money Mule’ Operator Gets Seven-Year Prison Sentence

Related: U.S. Authorities Take Action Against 600 Money Mules

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...